The threat posed by cyber-attacks is increasing from year to year - and that will not change in 2021 either. Of course, it is not possible to precisely predict which threats will arise in the current year. However, it is important to know the trends. Today's highly networked world offers criminals more and more opportunities to attack, not only through technology but also at the employee level. Any company and any IT landscape can be a target. A company that is familiar with the main developments, sensitizes itself and its employees, and works with experts can use a variety of protective mechanisms and thus face any threats more calmly. We have summarized the most important findings and trends for 2021 for you.
Ransomware Is Becoming More Targeted
Cyber attacks that are used to extort ransom from the attacked
party are on the rise. They are essentially based on the fact that
criminal attackers encrypt hard disks, parts of hard disks, and files, and the
key required for decryption is only handed over after payment of the ransom. It
is assumed that fewer companies are currently in the focus of attack, but
that larger companies, infrastructures, government organizations, and smart cities
are increasingly targeted. They are vulnerable: even the shortest downtimes
result in extreme costs. In general, only such companies can pay
the sometimes horrific sums that are extorted.
The ransomware used is becoming more sophisticated and variable,
i.e. it hides its purpose much more successfully than was previously the case.
Given the income that can be achieved, the attackers will not let up: It is
estimated that large companies suffered an average of around 1.5 million
dollars in damage per successful attack. The detection and prevention of
ransomware attacks must therefore be given the highest priority.
In this context, data protection and backup solutions deserve
particular attention: They must be checked and tested regularly, because
backup systems are also attacked and compromised. Ultimately, if backups
fail, companies have little choice but to meet the ransom demands and
hope that encrypted data and systems will be accessible again.
Target of Attack: People - Phishing and Social Engineering as A Threat
Attacks will be directed to a large extent against people, i.e.
attackers try to use sophisticated mechanisms to exploit human willingness to
help, the hierarchical structures of companies, and, in general, human
weaknesses. They are looking for a variety of ways to break into a company
and obtain confidential information. Potential attackers now have an
extensive market for “phishing services” at their disposal: tools are getting
better, prices are falling, and mobile users are increasingly becoming the focus
of attack. Security providers such as Protegent have long since reacted to this and have
significantly refined their antivirus software, but the attackers are very clever at
combining the technical and human components.
Companies have to take countermeasures, e.g. through
intensive awareness campaigns. Such employee training courses are
indispensable and at the same time have the potential to be successful. Anyone
who has been informed and who can rely on precise and well-thought-out
company guidelines will be far more likely to see through "phishing
offers" and let them come to nothing. Basically, companies need to raise
awareness about social engineering - training and information, together with
technical mechanisms and guidelines, have a comparatively high impact.
Similar to ransomware, the attack route will continue to be
predominantly via email. Attackers can also use various channels
to obtain important information with little effort. In general, they use
various attack platforms, be it SMS, messaging services, game platforms, or
social media in general. In this environment, they make use of all
possibilities to obtain personal data, access data, or similar information for
their purposes. They can also obtain credit card data or other sensitive
information relatively easily via online channels (e.g. via JavaScript). Payment
mechanisms on online platforms are often channels of attack. Experts see
an additional problem in that such developments severely damage trust in social
media.
Private End Devices, Third Party Access - the Gateway
Since corporate networks and devices are much better protected than private ones in times of increasingly distributed work structures (mobile working, mobile banking, remote access, etc.), attackers focus on the weaker link in the chain. If the use of private devices for corporate purposes is allowed, an attack channel is created. Therefore, appropriate protective measures are just as important as training: only if users are aware of the risks and this awareness is trained again and again do safety measures take effect and the advantages of the modern world of work come into play. The protective measures (from rights management to equipping private devices with appropriate protective mechanisms) must be taken and consistently monitored.
Since authorized access to company resources by third parties, e.g. suppliers, partners,
and service providers, is increasing, the focus of attackers
is increasingly on them. It is therefore important to demand security
measures from these third parties in line with company standards.
Critical Infrastructures
It is becoming apparent that the operators of critical
infrastructures (energy, health, finance, administrations, public utilities,
etc.) are increasingly becoming the focus of attackers. For this purpose,
the attackers use the most highly developed attack methods (APT - Advanced Persistent
Threats). Critical infrastructure operators should be extremely vigilant. It
is expected that more attempts will be made to undermine the sovereignty of
countries, to manipulate electoral processes, and to exert general political
influence with the help of criminal IT resources. Due to
the political situation, companies around the world are advised to pay strict
attention to their IT security.
Attacks on All Channels, with All Tools - Under the Highest Disguise
Since attackers are increasingly using public file sharing and
hosting services over a secure connection (SSL) to spread malware, phishing,
etc., detection is becoming more and more difficult. Attackers are
increasingly using new technologies that are actually supposed to protect
individual privacy, such as DoH (DNS over HTTPS) or ESNI (Encrypted Server Name
Indication), and end-to-end technology to hide their activities. As a
result, it is difficult for the defenders to recognize attacks and to find
appropriate countermeasures and apply them successfully. Accordingly, it
is important to be prepared for this and, in particular, to secure sensitive
data with various means. The attackers use all sources, including
knowledge,
Cloud Requires Investment
As cloud services are on the rise, attackers are increasingly
focusing on them. If companies map important strategies, development,
financial, and employee data via the cloud, this attracts attackers. They
put a lot more effort and criminal energy into these segments, and the attacks
become more intelligent and dangerous. It should be noted that the cloud
providers do not assume any responsibility for the endpoint; this is
always the responsibility of the company. In the case of cloud services,
there is often the risk that data will be made accessible on the Internet due
to configuration errors.
Automation and Transparency Are Becoming Essential
Companies face the great challenge of having to monitor and
protect every corner of their network - from the endpoint to the cloud. It
is becoming more and more important to have a full overview of the
infrastructure and also of the applications. Companies that use passive
threat detection quickly reach their limits because they have to manually
correlate, analyze and evaluate an almost infinite amount of data. Security
solutions based on automation should therefore be at the top of the 2021
priority list.
IoT in The Attack Focus
In particular, the unmanageable and rapidly growing landscape of IoT applications provokes corresponding attacks. Certain applications, devices, and services are used specifically to gain access to human information and knowledge of industrial machines and processes. Manipulation of processes in the company is also conceivable. The attackers benefit from the fact that IoT devices are often negligently configured and not up to date. Therefore, IoT attacks are possible in many ways. Compromised IoT devices provide possible access to the company network.
However, current studies show that the threats have been successfully contained
in various IoT areas (e.g. remote control, direct Internet connections); but
there is still much to be done. It should not be forgotten that the number
of openly accessible gadgets will increase enormously, which in turn will
attract attackers. The same applies to building control systems: some of
them are operated by people who have little expertise in security. If the
company's own Security Operations Center (SOC) does not monitor these devices,
countermeasures must be taken. It is advisable to define IoT security as a
task of the SOC - regardless of whether it is owned by the company or by the
service provider. According to experts, increased DDoS attacks are to be
expected in connection with the further spread of the IoT.
IoT attacks can be contained through network segmentation, strictly controlled
access for partners, and sophisticated network monitoring. A new generation
of security mechanisms is on the rise. For example, “nano security agents”
work on all devices or operating systems in all environments and control the
entire flow of data to and from the device.
In this environment, the technical precautions play an important role, but the organizational level is just as important: The responsibilities must be clearly
defined so that it is established who has to do what in the event of an
attack.
5G
From 2021 onwards, companies will increasingly make use of the
possibilities of the new 5G mobile communications standard: the bandwidths are
increasing dramatically, and an abundance of devices and sensors will be used. In
the health sector, for example, new applications will collect huge amounts of
data on the state of health of people; in the transport sector, data on
mobility behavior will be added - including general areas of lifestyle (“smart
city”). This, in turn, opens up various attack scenarios - the valuable and
sensitive data must be adequately protected.
Artificial Intelligence
A major trend is to increasingly rely on artificial intelligence (AI) mechanisms to defend against a variety of attacks. Human resources are expensive and have limited availability. In many cases, human action cannot ensure that immediate defense mechanisms are generated in real-time for the new, fast-moving threats. This is where AI comes into play: It can - especially in cooperation with experienced analysts - make significant contributions to keeping the security tools up to date in the shortest possible time and thus to constantly improve cybersecurity. New threats are identified much faster and blocked before they can spread. At the same time, AI helps to develop appropriate defense tools against new threats much faster.
However, it is to be expected that criminals will also resort to AI. This
in turn calls for more AI mechanisms to be used in defense. Otherwise, the
cost of meaningful defense increases significantly. This means that AI can
definitely be seen as a key factor in cybersecurity.
Cryptomining
In general, experts see that crypto-jacking attacks are on the
decline. On the one hand, various providers have developed protective
mechanisms, on the other hand, falling prices for cryptocurrencies make attacks
less lucrative. Nevertheless: Poorly protected servers remain at risk! Even
if such attacks were not excessively frequent in the past year, the amounts of
damage are considerable: They averaged over 1.6 million dollars per incident. The
recommendation is therefore clear: The risk of crypto mining requires
appropriate security solutions.
Outlook: Security Is Based on Expert Knowledge
A higher awareness of safety and well-founded advice from experienced experts make it possible to act more energetically and purposefully. A rethinking is required at the highest level of every company: The normal case is that companies are attacked; this is called the "Assume Breach Approach". The absence of an attack should be viewed as a special case. It is therefore of vital importance that the business processes of companies are further developed to become resilient to cyber-attacks and to maintain an acceptable level of service even in the event of damage. Thanks to its own Security Operation Center and its experience as a cybersecurity service provider for a wide variety of companies and industries, ISPIN can accompany you on the way to transforming your company into a cyber-resilient organization.
